Diffstat (limited to 'man/loader.conf.xml')
-rw-r--r-- | man/loader.conf.xml | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/man/loader.conf.xml b/man/loader.conf.xml index 38a80861b8..cef20b59d8 100644 --- a/man/loader.conf.xml +++ b/man/loader.conf.xml @@ -153,6 +153,22 @@ <listitem><para>Takes a boolean argument. Enable (the default) or disable the "Reboot into firmware" entry.</para></listitem> </varlistentry> + + <varlistentry> + <term>random-seed-mode</term> + + <listitem><para>Takes one of <literal>off</literal>, <literal>with-system-token</literal> and + <literal>always</literal>. If <literal>off</literal> no random seed data is read off the ESP, nor + passed to the OS. If <literal>with-system-token</literal> (the default) + <command>systemd-boot</command> will read a random seed from the ESP (from the file + <filename>/loader/random-seed</filename>) only if the <varname>LoaderSystemToken</varname> EFI + variable is set, and then derive the random seed to pass to the OS from the combination. If + <literal>always</literal> the boot loader will do so even if <varname>LoaderSystemToken</varname> is + not set. This mode is useful in environments where protection against OS image reuse is not a + concern, and the random seed shall be used even with no further setup in place. User <command>bootctl + random-seed</command> to initialize both the random seed file in the ESP and the system token EFI + variable.</para></listitem> + </varlistentry> </variablelist> </refsect1> |
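Review bot: The last sentence of the new random-seed-mode entry has a typo: "User <command>bootctl random-seed</command>" should read "Use <command>bootctl random-seed</command>". The description of <literal>always</literal> is also underspecified. "will do so even if LoaderSystemToken is not set" refers back to deriving the seed "from the combination", but without a system token there is no combination, so the text should state what the seed passed to the OS is derived from in that case. Because <literal>always</literal> is recommended only where "protection against OS image reuse is not a concern", one more sentence should name that concern directly: the seed is a file on the ESP (/loader/random-seed), so it travels with any copy of the image. That lets an administrator judge whether the default <literal>with-system-token</literal> is the mode they need.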